CVE-2020-15245

{"id": "CVE-2020-15245", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2020-10-19T21:15:12.810", "references": [{"url": "https://github.com/Sylius/Sylius/commit/60636d711a4011e8694d10d201b53632c7e8ecaf", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-6gw4-x63h-5499", "tags": ["Mitigation", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it to the mail another@domain.com and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that this way one is not able to take over any existing account (guest or normal one). The issue has been patched in Sylius 1.6.9, 1.7.9 and 1.8.3. As a workaround, you may resolve this issue on your own by creating a custom event listener, which will listen to the sylius.customer.pre_update event. You can determine that email has been changed if customer email and user username are different. They are synchronized later on. Pay attention, to email changing behavior for administrators. You may need to skip this logic for them. In order to achieve this, you should either check master request path info, if it does not contain /admin prefix or adjust event triggered during customer update in the shop. You can find more information on how to customize the event here."}, {"lang": "es", "value": "En Sylius versiones anteriores a 1.6.9, 1.7.9 y 1.8.3, el usuario puede registrarse en una tienda mediante el correo electr\u00f3nico mail@example.com, verificarlo, cambiarlo al correo another@domain.com y permanecer verificado y habilitado. Esto puede conllevar a tener cuentas dirigidas a correos electr\u00f3nicos totalmente diferentes, que fueron verificados. Tome en cuenta que de esta manera uno no es capaz de tomar el control de ninguna cuenta existente (de invitado o normal). El problema ha sido parcheado en Sylius versiones 1.6.9, 1.7.9 y 1.8.3. Como soluci\u00f3n alternativa, puede resolver este problema por su cuenta mediante la creaci\u00f3n de un detector de eventos personalizado, que escuchar\u00e1 el evento sylius.customer.pre_update. Puede determinar que el correo electr\u00f3nico ha sido cambiado si el correo electr\u00f3nico del cliente y el nombre de usuario son diferentes. Estos se sincronizan m\u00e1s tarde. Preste atenci\u00f3n al comportamiento cambiante del correo electr\u00f3nico para los administradores. Puede necesitar omitir esta l\u00f3gica para ellos. En funci\u00f3n de lograr esto, debe comprobar la informaci\u00f3n de la ruta de petici\u00f3n maestra, si no contiene el prefijo /admin o ajustar el evento activado durante la actualizaci\u00f3n del cliente en la tienda. Puede encontrar m\u00e1s informaci\u00f3n sobre c\u00f3mo personalizar el evento aqu\u00ed"}], "lastModified": "2021-11-18T16:19:33.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2E8B8E9-D805-4E1A-8AB4-B06B322668DA", "versionEndExcluding": "1.6.9"}, {"criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C4F2B73-6B56-4226-9F97-F5B3C2F14B4F", "versionEndExcluding": "1.7.9", "versionStartIncluding": "1.7.0"}, {"criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B995A95C-06CD-46C4-90C4-FF42915BAFAF", "versionEndExcluding": "1.8.3", "versionStartIncluding": "1.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}